We currently have a backend server that listens for SSL requests, and (using SNI) chooses to pass them on to the correct place, or alternatively will serve the requested HTTPS.
Our current configuration is slow (not painfully, just slower than we'd like), and we figured having NGINX do some of the work would speed things up.
Can NGINX pass through some HTTPS requests (by domain) without modifying anything (by checking SNI in the initial packet)? Most (all?) websites indicate that I should decode and encode the traffic (which is not possible because of cases such as https://google.com/).
So ultimately, what would be ideal for us is:
1. NGINX sits on network boundary, listening for SSL/TLS connections
2. When a new connection comes in, NGINX decides to pass on the TLS connection without touching it OR serve it as a regular HTTPS website (OR depends on domain)
Lastly, is there any current way to achieve X-FORWARDED-FOR with HTTPS? I understand it can't go into the actual HTTPS request, but figured it could be sent BEFORE the HTTPS decode packet. (the receiving end would have to understand this also)
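
One way to express the setup asked about above, as an added example that is not part of the original post: NGINX's stream module with `ssl_preread` routes on the SNI name without decrypting, and the PROXY protocol sends the client address ahead of the TLS bytes. Hostnames, addresses and certificate paths are placeholders, and an NGINX build that includes the stream, ssl_preread and realip modules is assumed.

```nginx
# Added example; every hostname, address and path below is a placeholder.

stream {
    # Pick an upstream from the SNI name in the ClientHello.
    # Nothing is decrypted here, so no certificate is needed for pass-through names.
    map $ssl_preread_server_name $tls_backend {
        site.example.com   127.0.0.1:8443;   # terminated locally by the http{} server below
        default            192.0.2.10:443;   # passed through untouched (also used when no SNI is sent)
    }

    server {
        listen 443;
        ssl_preread on;          # read the ClientHello only, do not terminate TLS
        proxy_pass $tls_backend;
        proxy_protocol on;       # prepend a PROXY protocol header with the client address
    }
}

http {
    server {
        # "proxy_protocol" makes this listener expect the header added above
        # before the TLS handshake begins.
        listen 127.0.0.1:8443 ssl proxy_protocol;
        server_name site.example.com;

        ssl_certificate     /etc/nginx/tls/site.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/site.example.com.key;

        # Accept the client address from the PROXY header only when the
        # connection comes from the local stream listener.
        set_real_ip_from 127.0.0.1;
        real_ip_header   proxy_protocol;

        root /var/www/site.example.com;
    }
}
```

Every backend behind `proxy_protocol on` has to parse the PROXY header and should accept it only from the proxy's address, otherwise a client connecting directly can supply its own source IP. The SNI value is unauthenticated client input, so it is a routing hint and not an access control.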